Whole Disk Encryption (WDE) is good security for your data

Whole Disk Encryption (WDE) is the technology to encrypt the entire drive of a computer to prevent unauthorized access to the data on the drive.

WDE is required for laptops used by many organizations such as government, health care, finance and business.

WDE is good for anyone who wishes to securely protect their data.

All Operating Systems and all drives can be encrypted with built in software or add on software.

This document is about encrypting the computer’s system drive so that a password is required to boot and access any data on the drive.  This document covers Windows (BitLocker and alternatives), Mac and Linux WDE.

Note that WDE adds an additional level of security by encrypting the entire system disk in addition to your computer’s logon account (username and password).  You will have 2 account passwords (also known as keys) to manage.  Depending on  how WDE is installed, you may or may not be prompted for the WDE key.


Microsoft calls their WDE solution BitLocker and it is available in some versions of Windows.  The Home versions do not have WDE available.  BitLocker is available with the following versions of Windows.

  • Windows Vista Ultimate and Enterprise (not Business)
  • Windows 7 Ultimate and Enterprise (not Professional)
  • Windows 8.1 Pro and Enterprise
  • Windows 10 Pro and Enterprise

If you have a Home version of Windows or a version not listed above you are out of luck with BitLocker unless you want to upgrade to an available version that does have BitLocker.   Windows 7 and 8.1 Anytime Upgrades apparently are no longer available from Microsoft.  Windows 10 Home to Pro is available for 99USD (Click Start > Settings > Update & security > Activation > Go to store to see options).  Windows Pro full version or OEM can be found for 199USD or less.  Don’t buy cheap licenses from questionable sources.

Fortunately there are some non-Microsoft WDE solutions available discussed later.

BitLocker is designed for business class and enterprise computers with a Trusted Platform Module (TPM) and loaded with a Pro or Enterprise version of Windows that contains BitLocker.  Business class computers are built more durable, have a TPM and are more expensive than home computers and laptops.

The TPM is a hardware module that performs cryptography functions and interacts with the computer hardware and software to strengthen encryption.

If you are encrypting your business laptop, let your IT department help you.

BitLocker with a TPM is straightforward to install and invisible to the user.

There are workarounds for Windows computers without a TPM.

For the home or small business user you can enable BitLocker with or without a TPM.  BitLocker without a TPM requires a USB drive with the key file stored on it or typing in the lengthy key when the PC boots.

Here are my experiences with Bitlocker without a TPM and with a USB

The PC must recognize the USB drive in BIOS during the boot to work with BitLocker.  A wonky USB drive (ie partition issues) can prevent BitLocker from installing or working.  After a successful encryption with BitLocker, the booting PC will present you with a black screen saying “Remove disks or other media.  Press any key to restart”  I found this message confusing.  Don’t remove your USB drive with the key file, just press Enter.

The USB drive can be removed after booting to free the USB port.  The USB drive with the key file must be plugged into a PC USB port, not a USB hub port.  There are reports that direct motherboard USB ports and not USB 3.0 ports are better so if you have issues, try a different USB port.

How to enable BitLocker with a USB drive

First you need to change two settings with the Local Group Policy Editor.  Click Start, type in gpedit.msc in the search box.  In the Local Group Policy Editor snap-in, navigate the tree Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives  then double click Require additional authentication at startup.  This will open a window, click Enabled, check the box Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive) then click Apply then OK and exit Group Policy Editor.

Local Group Policy Editor - BitLocker require additional authentication at startup  - screen


Next we will use the Manage BitLocker utility to encrypt the drive.  Click Start, type in BitLocker and click on Manage BitLocker.  Here you’ll see your C: drive.  Click the link Turn on BitLocker.  Follow prompts.  See BitLocker resources below.

BitLocker Drive Encryption - manage Bitlocker


The Run BitLocker system check always puts me in a loop so I uncheck that box when I see it.


BitLocker Windows 7 Ultimate in the process of encrypting the system drive.


BitLocker resources

SecureDoc by winmagic.com is a WDE solution for all versions of Windows, does not require a TPM and is FIPS 140-2 certified. The standalone/unmanaged version is about 110USD.

There are free WDE solutions for Windows that do not require a TPM and are secure.

VeraCrypt is a fork of TrueCrypt.

TrueCrypt is still used even though support has been discontinued.  A recent independent audit of the code found it sound.


WDE is available on Mac computers with OS X Lion or later.  It is called FileVault.



WDE is available in modern Linux distributions and can be easily enabled during the installation of Linux on the computer.  It is called Linux Unified Key Setup (LUKS) and dm-crypt.

TrueCrypt is still used even though support has been discontinued.  A recent independent audit of the code found it sound.

DiskCryptor – full disk encryption only.  I have no experience with this product.

Don’t lose or forget your keys and passwords!

Forgetting or losing your passwords or keys can result in total loss of your data!  In an enterprise situation, your IT department can help recover passwords.  But in a standalone, unmanaged situation where you own your personal computer, losing passwords can be a disaster.  Encrypted data cannot be recovered.  That is why it is encrypted.

Always backup your data before encrypting.

Always make copies of your WDE key.  The BitLocker key is a 48 character long number.  It is stored in a file on the USB drive for easy unlocking during booting.  If you don’t have the USB you can manually type in the key to unlock during booting.

Make copies of the USB drive with the key file, make copies of the file, print the file and/or store it at your Microsoft account, whatever works for you.
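A transcription check for a typed or printed copy of the 48 digit key, added here as an example (it is not from the original post or from Microsoft). It assumes the publicly documented layout of the recovery password: eight groups of six digits, each group a multiple of 11 whose quotient fits in 16 bits. The function names and the sample key are constructed for illustration.

```python
import re

GROUP_COUNT = 8      # a recovery password has eight groups
MAX_WORD = 0xFFFF    # each group encodes one 16-bit value, multiplied by 11


def encode_words(words):
    """Build a recovery-password string from eight 16-bit values (test data only)."""
    if len(words) != GROUP_COUNT or any(not 0 <= w <= MAX_WORD for w in words):
        raise ValueError("need eight values in the range 0..65535")
    return "-".join(f"{w * 11:06d}" for w in words)


def check_recovery_password(text):
    """Return a list of problems; an empty list means the copy is well-formed.

    This only proves the digits were copied consistently. It cannot prove the
    key belongs to a particular drive; compare the identification ID for that.
    """
    groups = [g for g in re.split(r"[-\s]+", text.strip()) if g]
    problems = []
    if len(groups) != GROUP_COUNT:
        problems.append(f"expected {GROUP_COUNT} groups, found {len(groups)}")
    for number, group in enumerate(groups, start=1):
        if not re.fullmatch(r"[0-9]{6}", group):
            problems.append(f"group {number}: not six digits")
        elif int(group) % 11 != 0:
            # The multiple-of-11 rule catches every single wrong digit and
            # every swap of two neighbouring digits inside a group.
            problems.append(f"group {number}: not a multiple of 11 (likely typo)")
        elif int(group) // 11 > MAX_WORD:
            problems.append(f"group {number}: value out of range")
    return problems


# Constructed sample, not a real key.
SAMPLE = encode_words([1, 2, 3, 4, 5, 6, 7, 65535])

if __name__ == "__main__":
    print(SAMPLE, check_recovery_password(SAMPLE))
    mistyped = SAMPLE.replace("000011", "000101", 1)   # two digits swapped
    print(mistyped, check_recovery_password(mistyped))
```

Run it against the copy you typed or scanned from paper, never against the only copy of the key.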


A BitLocker key file. The identification ID identifies the computer this recovery key is for (useful if you have multiple computers protected by BitLocker).

Safeguards for keys.


Microsoft Enterprise networks and commercial WDE software for Windows Enterprises can be configured to store WDE passwords so the data can be accessed if the user forgets the password.

See the information in the section above “Don’t lose or forget your keys and passwords!”

When you are logged on to a Windows PC with BitLocker enabled, the key information can be displayed by the command (run as administrator) "manage-bde -protectors -get c:"


Demonstrating the command to reveal the ID and Password for WDE. This will unlock WDE but you still need your computer account credentials to log on.


Mac FileVault can be recovered with a password or recovery key.  Recovery can be configured with an iCloud account to assist with disk unlocking. https://support.apple.com/en-us/HT204837


VeraCrypt and TrueCrypt both require that you burn a rescue disk CD during system drive WDE which will help recover damaged boot loaders but you still must know your account password.

How secure is WDE?

Windows BitLocker is closed source software so we don’t know exactly how it works and if it has a back door.  There is a driver available that allows Linux to read a BitLocker drive and that makes me wonder about the security of BitLocker – if these people could reverse engineer or figure out the API for BitLocker, what else is known?  http://www.hsc.fr/ressources/outils/dislocker/

SecureDoc is closed source.

TrueCrypt is open source and has passed audit. http://www.pcworld.com/article/2905995/truecrypt-audit-shows-no-sign-of-nsa-backdoors-just-some-minor-glitches.html

VeraCrypt is open source.

Who knows what the NSA can do.


WDE programs can also encrypt other drives and USB drives.

FIPS 140-2 is a Federal Information Processing Standard that is used to approve and certify cryptographic modules including WDE.  Organizations may require that hardware and software is FIPS 140-2 certified.



USA Executive Branch responds to alleged Russian Hacking December 2016

President Obama

December 29, 2016 President Barack Obama responded to alleged Russian hacking with sanctions, expulsion of 35 suspected Russian intelligence operatives, an executive order and a 13 page document describing the Russian hacking.

The 13 page paper titled “GRIZZLY STEPPE – Russian Malicious Cyber Activity” gives us an overview of the hacking of USA “government organizations, think tanks, universities, and corporations around the world” by “Russian Military and Civilian Intelligence Services (RIS).”   The report includes an overview of the tactics used, 2 diagrams, a code fragment, and a list of reported RIS handles and file names.  Half of the paper is textbook copy and paste recommended mitigations.  The paper points out that “APT29 successfully compromised a U.S. political party.”  APT29 is a suspect RIS and the political party would be the Democratic National Committee although it is not specifically identified as such.

President-elect Trump

December 28, 2016 President-elect Donald Trump spoke in Florida about President Obama’s plan to take action against Russia for alleged hacking.

“I think we ought to get on with our lives,” he said. “I think that computers have complicated lives very greatly. The whole age of computer has made it where nobody knows exactly what is going on. We have speed, we have a lot of other things, but I’m not sure we have the kind, the security we need.”


I use the term alleged hacking because I have not seen and reviewed the facts about this reported hacking.

I do believe that all nations spy on other nations to the extent that they can.





US CERT references

GRIZZLY STEPPE – Russian Malicious Cyber Activity – at US CERT – https://www.us-cert.gov/security-publications/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity

GRIZZLY STEPPE Indicators CSV – https://www.us-cert.gov/sites/default/files/publications/JAR-16-20296A.csv

Publication – https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf

Edit.  1/8/17 add US Cert references


Email insecurity


Email was invented 50 years ago at a time when security and privacy were not major concerns.  Times have changed.  Now every government, business, hacker and vandal wants to mess with your email.  Now email has plenty of security and privacy issues.

Here are my quick suggestions for safer email and then some detailed explanations.


Quick suggestions for safer email

  • DO NOT open attachments or click on links in emails that are suspicious.  Be careful.
  • Use good passwords.
  • Use two email accounts – one for important stuff and a second for less important stuff.
  • Protect your important email account with 2 factor authentication.
  • Don’t put anything in an email that you wouldn’t want the world to know.
  • If you must send sensitive documents, encrypt them.
  • Don’t respond to spam or trolls.


Getting hacked by email

Email is the most common way to get hacked.

The results of a phishing email hack can be as ugly as identity theft, monetary loss, data loss and reputation damage.

The phishing email message may look legitimate but contains a malicious attachment or link.  This is how the bad guys grab control of your computer.  They send you an official looking email that scares or intrigues you.  The email has an attachment that you open and run.  This installs a virus.  Or the email has a link.  You click the link, open a website and a virus gets installed.  Or the link takes you to a real looking website that asks you for login credentials or personal information.

The virus can do bad things – silently monitor your keystrokes for passwords which it sends back to the hacker, encrypt your files and demand a ransom, make your computer a botnet member, change your DNS so that you browse to counterfeit websites, monitor your computer use and so forth.

Email errors and privacy

You may think that you are in control of your email, but there are plenty of ways to lose it.  Sending it to the wrong address, CC, BCC, reply all can send email off to unexpected recipients.  Realize that email can be forwarded with a click.  Walk away from your device and someone can use your account, even change the password.  Hackers.  Drunk email.

Best not to put anything you wouldn’t want the world to see in an email.

Email is forever

Nothing is forever but web mail services and business email are being backed up.  Web mail services may be backed up indefinitely.  Businesses have the right to delete after a legal retention time.  You may think that you deleted an email but it exists on a backup somewhere.   Oddly the US government considers email older than 6 months fair game to read without a warrant.  Hackers, employees, system administrators and subpoenas can get access to email.

Governments and businesses are collecting and archiving all the information that they can get their hands on including email.

What you write goes into your permanent file.

Plain text

When email is sent between systems it is usually in plain text.  This means that anyone along the way can read, modify or make a copy of the email.  Some mail transfers are encrypted but don’t count on it.  Mail encryption software has been around a long time but never gained widespread acceptance due to its complicated nature.

When email is in plain text, privacy is gone.  Messages can be modified so authenticity is gone.  Realize that all mail messages are vacuumed up by government and business everywhere for analysis and storage, and plain text is just that much easier to analyze for government and business reasons.

Other email annoyances

Spam.  Spam.  Spam.  Spam.

Scams.  Scams have been around since day one, now email is a new high tech way to commit fraud.  Examples are emails that try to trick you into thinking that you owe the IRS and need to make a payment immediately or be arrested.  Offers of romance and pharmaceuticals.  The Nigerian Prince needs your help transferring millions of dollars and will pay for your help.

Spoofed email.  Email From fields can be made to say anything and appear to be from someone important.  The email header can show the true source of an email.
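How the header can be read for signs of a spoofed From field, as an added example (not part of the original post). It uses Python's standard email module on a constructed message; all domains, addresses and the function names are made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: the visible From says bank.example, but the
# envelope sender, the Reply-To and the receiver's DMARC verdict disagree.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=bank.example
Received: from mailer.example.net (mailer.example.net [203.0.113.45]) by mx.recipient.example with ESMTP; Tue, 03 Jan 2017 10:15:02 -0500
Received: from [198.51.100.7] (unknown) by mailer.example.net with ESMTPA; Tue, 03 Jan 2017 10:15:00 -0500
From: "Example Bank Security" <security@bank.example>
Reply-To: help@bank-example-support.example
To: user@recipient.example
Subject: Your account is locked

Please log in.
"""


def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower()


def auth_results(msg):
    """SPF/DKIM/DMARC verdicts recorded by the receiving mail server."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts.setdefault(method.lower(), verdict.lower())
    return verdicts


def origin_hop(raw):
    """Host named in the oldest Received header (headers are prepended, so
    the last one is the first hop). Only hops added by servers you trust are
    reliable; anything below them can be forged by the sender."""
    received = message_from_string(raw).get_all("Received", [])
    match = re.search(r"from\s+(\S+)", received[-1]) if received else None
    return match.group(1) if match else None


def spoofing_indicators(raw):
    """Return human-readable reasons to distrust the displayed From field."""
    msg = message_from_string(raw)
    from_domain = domain_of(msg["From"])
    findings = []
    for header in ("Return-Path", "Reply-To"):
        other = domain_of(msg[header])
        if other and other != from_domain:
            findings.append(f"{header} domain {other} differs from From domain {from_domain}")
    verdicts = auth_results(msg)
    # spf=pass only vouches for the envelope sender; dkim and dmarc tie the
    # check to the domain the reader actually sees in From.
    for method in ("dkim", "dmarc"):
        verdict = verdicts.get(method, "missing")
        if verdict != "pass":
            findings.append(f"{method}={verdict}")
    return findings


if __name__ == "__main__":
    print("first hop:", origin_hop(SAMPLE))
    for line in spoofing_indicators(SAMPLE):
        print("-", line)
```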

Reply and Reply All gotchas.  Email clients default to Reply only to the sender.  If the message was sent to a group and people only Reply to the sender, the conversation gets fragmented real fast.

Email lacks cues for emotion so it is easy to write ambiguous email and misread the intention of email.  Is he angry?  Is she being funny?  For this reason be careful to write clearly and even add those dumb emoticons 🙂 to clarify.  DON’T SHOUT UNLESS YOU MEAN IT!

Email overload can cause one to miss important messages.

You can do everything right but the email provider fails

An email provider can get hacked and your account can be stolen.  Yahoo! email is an example of a service that got hacked.  A flaw in an email system can expose you to exploits.

An email provider can go out of business and lock you out of your email or make mistakes and lose your email.

Customer service may be difficult or impossible for web based services.

Recovering forgotten passwords can be difficult.  Recovering passwords for the deceased can be difficult.

Business email

Every business uses email.  They want their system private and secure so that their business secrets, transactions and client information are safe.  Most businesses take their email seriously and take steps to protect and secure their systems.

One step a business will take is to require that employees read and sign an agreement called an Acceptable Use Policy (AUP) that spells out what email may be used for, limiting personal use, requirements for sending sensitive information, password requirements, antivirus requirements, cautions about phishing and attachments and more.  You may have seen warnings and policies displayed when logging on to a business system.  You may have seen those disclaimers at the bottom of business emails stating that business correspondence is confidential and if you received it by mistake you must delete it.

Business email is highly vulnerable to phishing and malicious attachments.  This is a good way for hackers to gain a foothold on one computer then penetrate the whole system.

Compromised email systems can be a big embarrassment when emails are released – think Wikileaks, the hacks of Sony and the DNC.

The company owns the computer system and everything on it including email so they have the right to monitor and read everyone’s email.  This can be done in an automated fashion, looking for keywords.  Realize that the company sees everything in email.

Use discretion with personal use of company email.  Employees can be disciplined or fired for email errors, misuse or use contrary to company HR policies.  If you aren’t getting promotions, maybe it is because you called the boss a clown in email.

At work, use your smartphone for personal email.  If you wish to use a web mail service at work, at least check the site’s certificate in your browser for evidence of a proxy.


Where is your email stored?  Two ways to email

There are two popular ways to send, receive and store email.  One way is using an email client on your computer and the other is using a web based email service.

An email client such as Outlook stores your email in a big file on your computer.  It will receive emails from a server (POP3) or synchronize emails with a server (IMAP and MAPI).  One advantage is that you have all your email on your computer and don’t need an Internet connection to access it, like on the road.  But there are many disadvantages to storing your email this way.  The worst is you can lose all your email if you move it from the server to your client (POP3 with delete) and then lose your client by having your computer stolen, lost or the hard drive fails.  People rarely backup to avoid this loss. Another disadvantage is that your email is only accessible on the one device.  Outlook is good in a business environment with exchange server and nerds to maintain it all but for the home and small business user I recommend a web based email service.

Web based email services include AOL Mail, Gmail, Outlook/Hotmail and Yahoo! Mail.  The advantages of web based mail is that you can access it from any Internet device via browser or app and the service backs up your email.  These services offer free accounts with plenty of storage and include other services like calendars and online office suites.  The disadvantage of web email services is that they use and sell your information to advertisers, business and anyone else.

There are other ways to use email.  One is to use a paid service that promises not to read or sell your email info.  Choose a service in a neutral country to avoid government interference.  You can use your own mail server.  You can encrypt everything.

Email at untrusted locations

Using email at untrusted locations such as public libraries or a friend’s computer carries the risk of keystroke loggers.

Using email with untrusted WiFi is best done with a VPN.

Look for the https:// in the address bar to know that you are using an encrypted connection to the website.




Here is my experience with Bitcoin and some resources.

Bitcoin is an innovative payment network and a new kind of money.

Bitcoin uses peer-to-peer technology to operate with no central authority or banks; managing transactions and the issuing of bitcoins is carried out collectively by the network. Bitcoin is open-source; its design is public, nobody owns or controls Bitcoin and everyone can take part.

– bitcoin.org


I set up a Bitcoin wallet.  Then I bought some bitcoin which was deposited to my wallet.  Now I’m ready to buy and sell with bitcoin.

The details.  Actually I set up two wallets.  The first is with an online exchange (coinbase.com) which I linked to my checking account.  I transferred an amount of money from my checking account to the wallet.  As a second test, I transferred money from a credit card to the wallet.  This wallet is accessible from the website and a smartphone app.

My second wallet I set up on my computer with wallet software from electrum.org.  I used a Bitcoin ATM to transfer US dollars (paper bills) to my Electrum wallet.  This wallet is only accessible on my computer but I made a printout of my QR code so I could deposit money at the Bitcoin ATM.

Electrum wallet for Bitcoin.


The details of the fees and wait times for transferring money into a wallet are laid out in tables at the end of this post.

Bitcoin transactions are done with the wallet software and the receiving address.  The receiving address is a long alphanumeric string of 34-36 characters which can be typed in but is more easily scanned in via QR code, copy and pasted or read from a file.
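Why a mistyped receiving address is normally rejected before any money moves, shown as an added example (not from the original post or from any wallet's code). It covers only the Base58Check address format, the addresses that start with 1 or 3, whose last four bytes are a checksum over the rest. The helper names and the sample address are constructed for illustration.

```python
import hashlib

# Base58 leaves out 0, O, I and l because they are easy to confuse.
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
VERSIONS = {0x00: "P2PKH", 0x05: "P2SH"}   # main-network version bytes


def checksum(payload):
    """First four bytes of SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58encode(data):
    number = int.from_bytes(data, "big")
    text = ""
    while number:
        number, remainder = divmod(number, 58)
        text = ALPHABET[remainder] + text
    leading_zeros = len(data) - len(data.lstrip(b"\0"))
    return "1" * leading_zeros + text       # each leading zero byte becomes "1"


def b58decode(text):
    number = 0
    for char in text:
        index = ALPHABET.find(char)
        if index < 0:
            raise ValueError(f"character {char!r} is not in the Base58 alphabet")
        number = number * 58 + index
    leading_ones = len(text) - len(text.lstrip("1"))
    return b"\0" * leading_ones + number.to_bytes((number.bit_length() + 7) // 8, "big")


def make_address(hash160, version=0x00):
    """Build an address from a 20-byte hash (used here only for test data)."""
    payload = bytes([version]) + hash160
    return b58encode(payload + checksum(payload))


def check_address(address):
    """Return (True, address type) or (False, reason)."""
    try:
        raw = b58decode(address.strip())
    except ValueError as error:
        return False, str(error)
    if len(raw) != 25:
        return False, "decoded length is not 25 bytes"
    payload, stored = raw[:-4], raw[-4:]
    if checksum(payload) != stored:
        return False, "checksum mismatch"
    if payload[0] not in VERSIONS:
        return False, "unknown version byte"
    return True, VERSIONS[payload[0]]


# Constructed sample: the 20-byte hash is just the bytes 1..20, not a real wallet.
SAMPLE_ADDRESS = make_address(bytes(range(1, 21)))

if __name__ == "__main__":
    print(SAMPLE_ADDRESS, check_address(SAMPLE_ADDRESS))
    wrong_last = "2" if SAMPLE_ADDRESS[-1] != "2" else "3"
    print(check_address(SAMPLE_ADDRESS[:-1] + wrong_last))
```

The checksum catches typing and copying mistakes only; a well-formed address that belongs to someone else passes, so still compare the address on screen with the one the recipient gave you.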


Electrum wallet send bitcoin.

Electrum wallet receive bitcoin.


For mobile transactions, the smartphone rocks, displaying the QR code on the screen and reading the QR code by camera.

Now my definition of Bitcoin –

Bitcoin is numbers in a public ledger that represent people’s holdings in bitcoin.  Bitcoin is just encrypted numbers.  People keep a copy of their Bitcoin numbers in a wallet, ready for transactions.  A Bitcoin wallet can be an app, computer program, website or paper.  The Internet is required to glue it all together.  The Bitcoin public ledger is distributed, maintained, encrypted and secure.  Bitcoin has value as long as people value bitcoin.


  • Cool
  • Private
  • Not controlled by governments, banks, anyone
  • Lower fees than credit cards for merchants
  • The underlying technology is fascinating – cryptography, block chains, Internet
  • International
  • Transactions are “instant” (seconds or minutes for extra confirmation)


  • Requires technology and understanding how to use it
  • Bitcoins can be lost or stolen by errors, loss, failure, hackers
  • Lost bitcoins are forever lost
  • Bitcoin transactions cannot be reversed (like a credit card transaction can be reversed)
  • Confusion about legality and taxation
  • May be illegal in some locations
  • Limited acceptance by merchants
  • Converting cash to Bitcoin and back can be inconvenient and fee based
  • The Bitcoin system could fail – crashing down in value or completely or become illegal

Backup your wallet and use a good password.  Choose a reputable exchange for wallet storage and currency exchange.

The Bitcoin reputation has been tarnished by being associated with purchasing illegal items, money laundering and the Dark Web.  On the good side, major merchants accept bitcoin – Microsoft, Dell, Virgin Atlantic and the Sacramento Kings are examples – as well as charities, mom and pop businesses, people and politicians(!) (see Wikipedia entry for Bitcoin).

The history of Bitcoin is a hoot. It was invented by a person named “Satoshi Nakamoto” in 2008 who disappeared from the scene without anyone knowing his real identity or fate.  I hope this genius is fat and happy living off his Bitcoin millions somewhere.

I have enjoyed my dive into Bitcoin.  Will I use it?  Only time will tell.

Check it out.  Get a wallet, some bitcoin and enjoy.



Web site:  bitcoin.org

Web site:  wikipedia.org Bitcoin

Book:  Bitcoin for the Befuddled (2015)

Book:  Bitcoin for Dummies – 1st edition (2016)

Video documentary: The Rise and Rise of Bitcoin (2014)

Video documentary: Bitcoin: the End of Money as We Know It (2015)




Bitcoin Exchange


Internet resources

Locate Bitcoin ATMs:  coinatmradar.com

Blockchain information:  blockchain.info


My research to buy bitcoin

| buy bitcoin from | method of purchase | % fee | wait time | notes |
|---|---|---|---|---|
| coinbase.com | credit card | 4 | instant | |
| coinbase.com | checking account | 1.5 with $0.15 minimum | 5 business days | ACH |
| Bitcoin ATM – coinucopia.io | cash | 3 | instant | |
| person to person | cash exchange for bitcoin | 0 to 15 or fixed price markup (example 7%) | instant | parties negotiate exchange rate |
| person to person | sell item(s) for bitcoin | | instant | |

My research to sell bitcoin

| sell bitcoin to | deposit cash to | % fee | wait time | notes |
|---|---|---|---|---|
| coinbase.com | checking account | 1.5 with $0.15 minimum | 2 business days | |
| coinbase.com | USD wallet | 1.5 | instant | |
| person to person | buy item(s) for bitcoin | | instant | |
| person to person | cash exchange for bitcoin | 0 to 15 or fixed price markup (example 7%) | instant | parties negotiate exchange rate |
| Bitcoin ATM | | | | some Bitcoin ATMs will convert bitcoin to cash for fee |

Updating a Samsung Galaxy S3 ATT phone to CyanogenMod 12.1

Mark shows off his Samsung Galaxy S3 phone with CyanogenMod 12.1

I updated my 4 year old Samsung Galaxy S3 ATT phone with CyanogenMod.

The original Android version was sluggish, boring and insecure. The new Android version is lively, fresh and more secure.

CyanogenMod is an open source Android operating system for Android smartphones.

I am very happy with the end result.

Note that the process to update an Android phone is very specific to the phone model and my experience is with the Samsung Galaxy S3 sold by ATT USA model SGH-I747 with the original Android 4.4.2 (Jelly Bean).

Pros and cons to upgrading an Android phone to CyanogenMod

The good

  • New life for an old phone
  • New clean user interface
  • New features
  • No vendor crapware
  • Faster performance
  • Updates
  • Open source
  • Free

The bad

  • The Internet is filled with multiple ways to update, some outdated, some inaccurate
  • Complicated project that requires a level of technical knowledge
  • Time consuming project – research, backups, file copies, installing Android SDK, first boot are all time consuming

The ugly

  • Possible to brick the phone (render it broken)

I always wanted to try CyanogenMod being a big fan of open source software and clean user interfaces.

But I was afraid to experiment with my one phone, fearing the worst: bricking it and then suddenly being without a phone.

Then I bought a new mobile phone and that left me free to experiment.

After a lot of research on the Internet and watching YouTube videos I realized that I could do it but wanted to find the easiest and most reliable path to CyanogenMod.

There is a confusing variety of methods for

  • carrier unlocking (if needed)
  • rooting (if needed)
  • boot unlocking (if needed)
  • flashing a bootloader
  • selecting the CyanogenMod ROM
  • backing up the original ROM
  • transferring files to the phone’s SD storage
  • flashing the CyanogenMod ROM
  • flashing Google Apps
  • and other details

I chose going to the origin, CyanogenMod, for the instructions and links to required software. CyanogenMod is abbreviated CM and the website is cyanogenmod.org.

I found the CM instructions for my phone good but not detailed and I did have some glitches.

If you are going to follow my path, I recommend using the CM instructions and reading my notes below.

I am very pleased with the results! My 4 year old Samsung Galaxy S3 is a joy with the new clean interface, lively performance, new features and security updates. Well done CyanogenMod people.

CM 12.1 (the ROM I chose) is based on Android 5.1 Lollipop. The new features I have discovered so far include Task Switcher, photo editing features, tethering, Encrypt phone and File Manager Secure storage.

I do not miss the crapware installed by ATT and Samsung on the original issue carrier locked phone.

When my 2 year contract with ATT completed I asked for the carrier unlock code which they supplied.  I carrier unlocked my phone so that I could transfer my service to a less expensive pay as you go carrier and I kept my same phone number.

Google has discontinued support for Android KitKat. Plenty of security vulnerabilities have been found and exploited for this OS. No security updates is inexcusable and an ugly industry dirty secret.

I made sure my phone information was synced to my Google account so I did not mind wiping it. If your phone has important data (apps, SMS, contacts, photos, whatever) please backup.

Here are the notes on my path to update. I used a Windows 7 PC in the process. This worked for me Nov 26, 2016. I do not guarantee this process or the results.

How to install CyanogenMod on this phone.


Heimdall is a cross-platform, open source tool for interfacing with Download Mode on Samsung devices. The preferred method of installing a custom recovery is through this boot mode.

Rooting the stock firmware is neither recommended nor necessary.

The Heimdall Suite requires a SPECIFIC version of Microsoft Visual C++ 2012 Redistributable Package (x86/32bit); make sure you grab the right one.

How to install the new bootloader.

I used TWRP (Team Win Recovery Project, I was curious about the acronym) https://dl.twrp.me/d2att/twrp-

I did not see a “blue transfer bar” as described in the instructions.

After installing this bootloader it is a good idea to back up your present ROM to the SD card (careful, the default is to internal storage).


For CM I used “Download Latest Release” from


For Google Apps (required if you will use Google Store) I downloaded CyanogenMod 12.1 OpenGApps from https://wiki.cyanogenmod.org/w/Google_Apps

Later you can flash them both at the same time.

How to install Android Studio. This will give you the adb utility and full app development if you want to play with that. Note installing this software takes a long time.


How to make adb command work from any folder with a Windows path edit


Add to Windows path


In the string above, modify username to match your path.  Also, your path may be different.

Then reopen Windows terminal for the path to be in effect.

Adb issues and a workaround

Adb utility did not work for me so I could not issue the “adb reboot nvbackup” command or adb push commands. Maybe something to do with enabling Developer options and USB debugging https://wiki.cyanogenmod.org/w/Doc:_developer_options but this step is not in the instructions. Maybe Windows USB driver issues.

I ended up copying the CM ROM and Google Apps ROM manually to my SD card and flashing them from SD.

In retrospect is Google Studio with adb even necessary if it is only used to push files from the PC to the phone? There are other ways to put the files that you need on the phone’s SD card.  Put the SD card in your PC SD card slot or use a SD card adapter and copy files.  Or before the update, plug a USB cable into the PC and phone and copy files.  Copy files to the SD card root folder.  The two files that you need are the CyanogenMod and OpenGApps, both .zip files in my case.


The terms used for installing and updating Android are confusing. The memory on the phone where Android is installed is interchangeably called ROM, firmware, flash memory and memory.  Android is called a mobile operating system, Operating System and OS.  The Android file is called software, image, package or zip file.  The process of installing and updating Android is also called flashing.

People often say “flashing the ROM” meaning installing the software, ie CyanogenMod, to the phone.

Yes ROM means Read Only Memory and is a historical term still used but not accurate.

First boot of CM takes forever! Do not panic!




Cyanogenmod.org wiki

How to Reset the phone to factory, not required but here for reference http://www.wikihow.com/Reset-a-Samsung-Galaxy-S3

Samsung Galaxy S 3 (S III) SGH-I747 for ATT (AT&T) specifications.
